How to Get Your Cryptocurrency STOLEN presented by Ray Redacted at Bit Block Boom.
Blog post by Cousin Edgar Stumblefield.
Main Issue With Theft
Maturity of cybercriminals versus cyberdefenses: criminal maturity is much higher than that of cyberdefenses. If you are trying to break into cryptocurrency, the benefits are currently very high and the probability of being caught is very low.
With cryptoassets, once your password is gone, it is gone (you can't ask to have your password reset).
Hygiene: The processes used to stay healthy
Password, Patch and Situational Hygiene
10. Bad OpSec
Ex: Taking a picture with a Post-it note in the background showing your password; posting messages on FB and Twitter bragging about how much money you are making with cryptocurrencies. Thieves are more likely to go after those who are making a lot of money with crypto.
Open-source intelligence: pictures can be reverse engineered to get your information.
WiFi OpSec: WiFi can be hacked into. This is most likely to happen at a cryptocurrency convention.
MiTM (Man In The Middle) Attacks:
But I use a VPN! The problem with VPNs is that you add the VPN itself as a man in the middle.
9. Use Custodial Sites; Ex: Cryptopia or Mercatox; the KYC paradox: having to take a picture of your driver's license or passport and send it to places where you have no idea what their security is like.
If you don't own your private key, you don't own your bitcoin. It is not enough to share a key or be given one to use; it needs to be one you generate and control completely yourself.
8. Avoid Airgapped 2FA and Hardware Wallets
Hardware wallets: fewer than 1 in 100 have a hardware wallet.
7. Username and Password Re-Use; when you use a password across various platforms, a breach of one site makes your accounts on the other sites susceptible.
On your Gmail account, you can create various email aliases; for example, email@example.com can have firstname.lastname@example.org
6. Airdrops & Twitter Scams; Ex: a promise to give away free tokens if someone sends their private key.
5. Ransomware; it used to be the most popular, but now the most popular is cryptojacking (using someone's computer to mine).
4. Die: most people do not have a specific plan in place for how their cryptocurrencies will be handled when they have passed on; you can set up a dead man's drop; you can work with an attorney.
3. Skip MultiFactor Entirely; most people skip this; it is the #1 way to help keep your account from being hacked; DO NOT depend on SMS; MFA or “Have a Nice Day”; any financial website you access should use MFA, otherwise you should not use that financial website.
2. Use SMS instead of MFA
1. Social Engineering; Ex: Jimmy Kimmel sent someone out on the street to ask people about their passwords, and people easily gave out their passwords when the interviewer brought the subject up in conversation; when online, don't ignore pop-up warnings.
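The "Username and Password Re-Use" item above can be checked against your own accounts. The following is an added example, not material from the talk or the blog post: it audits a password-manager export for shared passwords and shows which other accounts a single breach would expose. The vault rows, site names and function names are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample of a password-manager export: (site, username, password).
SAMPLE_VAULT = [
    ("exchange-a.example", "alice@example.com", "correct horse battery"),
    ("forum.example", "alice@example.com", "correct horse battery"),
    ("mail.example", "alice.m@example.net", "correct horse battery"),
    ("exchange-b.example", "alice@example.com", "T7#qLm29!vXe"),
    ("wallet.example", "alice.wallet@example.net", "p0Zr&81kWu$d"),
]


def reuse_groups(vault):
    """Return sorted lists of sites that share one password."""
    key = os.urandom(32)  # per-run key: fingerprints are useless outside this run
    groups = defaultdict(list)
    for site, _user, password in vault:
        # Group on a keyed fingerprint so plaintext never becomes a dict key.
        fp = hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()
        groups[fp].append(site)
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)


def exposed_by_breach(vault, breached_site):
    """Map every other site that shares the breached site's password to
    True when the username matches too (the leaked pair works as-is)."""
    leaked = [(u.strip().lower(), p) for s, u, p in vault if s == breached_site]
    exposed = {}
    for site, user, password in vault:
        if site == breached_site:
            continue
        for leaked_user, leaked_pw in leaked:
            if hmac.compare_digest(password.encode("utf-8"), leaked_pw.encode("utf-8")):
                same_user = user.strip().lower() == leaked_user
                exposed[site] = exposed.get(site, False) or same_user
    return exposed


if __name__ == "__main__":
    for group in reuse_groups(SAMPLE_VAULT):
        print("shared password:", ", ".join(group))
    for site, replay in exposed_by_breach(SAMPLE_VAULT, "forum.example").items():
        print(site, "-> same username and password" if replay else "-> same password only")
```

Any site reported by `exposed_by_breach` needs its own unique password; the ones marked `True` are the most urgent because the leaked username and password work there unchanged.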
Ray Redacted is a network and information security researcher with 20 years of expertise in cyberdefense research, application solution design, and next-generation network architectures. Ray is a frequent writer, researcher, and speaker on topics such as encryption, malware reverse engineering, and the advanced persistent threats facing international law enforcement agencies. In addition to a degree from Purdue University and numerous industry certifications, he also has many years of front-line experience in the prevention and mitigation of attacks from cybercriminals, hacktivist groups, and nation-state actors.